Check patentability & draft patents in minutes with Patsnap Eureka AI!

Binary code similarity analysis method for vulnerability detection

A binary code and similarity analysis technology, which is applied in the field of binary code similarity analysis for vulnerability detection, can solve the problem of not considering dependency information and basic block semantic information at the same time, and achieve the effect of improving accuracy and coverage

Active Publication Date: 2021-04-30
HARBIN INST OF TECH
View PDF8 Cites 12 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Existing learning-based binary similarity detection techniques have achieved some results, but there are still some limitations: 1) No effective program-wide binary differentiation can be performed at the fine-grained basic block level
2) Failure to consider both program-wide dependency information and basic block semantic information during analysis

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Binary code similarity analysis method for vulnerability detection
  • Binary code similarity analysis method for vulnerability detection
  • Binary code similarity analysis method for vulnerability detection

Examples

Experimental program
Comparison scheme
Effect test

specific Embodiment 1

[0030] according to Figure 1-Figure 2 As shown, the present invention provides a binary code similarity analysis method oriented to vulnerability detection, comprising the following steps:

[0031] A binary code similarity analysis method oriented to vulnerability detection, comprising the following steps:

[0032] Step 1: Select the source code vulnerability library; in the step 1, select OpenSSL as the source code vulnerability library.

[0033] Step 2: Compile the code in the source code vulnerability library to form a binary file; the step 2 is specifically: compile the code in the source code vulnerability library into a corresponding binary file through different optimization levels and compilation options.

[0034] Step 3: According to the obtained binary file, train the binary file through the word embedding model to generate an embedded vector of the instruction;

[0035] The step 3 is specifically:

[0036] Step 3.1: Use the word embedding model to train the bina...

specific Embodiment 2

[0048] The purpose of the present invention is to detect whether a given binary file contains the vulnerabilities included in the specified source code vulnerability library. This paper mainly compiles the source code vulnerability database into a binary vulnerability database, uses machine learning methods to detect the similarity between a given binary file and the files in the vulnerability database, and then determines the top K matching vulnerabilities.

[0049] Step 1: Select the source code vulnerability library. In order to detect whether the binary file contains vulnerabilities as much as possible, it is necessary to select a representative and authoritative vulnerability library, which contains common vulnerabilities as much as possible. Therefore, this method selects OpenSSL as this method. Vulnerability library for method experiments.

[0050] Step 2: Compile the code in the source code vulnerability library into corresponding binary files through different optimiz...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention relates to a binary code similarity analysis method for vulnerability detection. The invention relates to the technical field of vulnerability detection. The method includes selecting a source code vulnerability library; compiling codes in the source code vulnerability library to form a binary file; according to the obtained binary file, training the binary file through a word embedding model to generate an embedding vector of the instruction; analyzing the instruction embedding vector to generate a basic block embedding vector; and performing similarity detection on the generated basic block embedding vector, and determining whether the binary file contains vulnerabilities or not. According to the invention, the source code in the vulnerability library is compiled into the binary file by adopting different optimization levels and compiling options, so that the detection accuracy and coverage rate are improved.

Description

technical field [0001] The invention relates to the technical field of loophole detection, and relates to a binary code similarity analysis method for loophole detection. Background technique [0002] In the field of static analysis, BinDiff is a commercial binary diff tool that performs many-to-many graph isomorphism detection on call graphs and control flow graphs (CFGs), and uses heuristics (e.g., function names, graph edge MD indices) to match functions and basic blocks. Other techniques based on static analysis perform matching on the generated control and data flow graphs or decompose the graphs into fragments. Most of these methods only consider the syntax of the instructions, not the semantics, which is critical in the analysis process, especially when dealing with different compiler optimization techniques. And graph matching algorithms like the Hungarian algorithm are expensive and do not guarantee optimal matching. [0003] Another area of ​​research is dynamic...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F21/56G06F21/57G06F8/41G06F8/53
CPCG06F8/41G06F8/53G06F21/563G06F21/577
Inventor 王莘姜训智程蕾蓉
Owner HARBIN INST OF TECH
Features
  • R&D
  • Intellectual Property
  • Life Sciences
  • Materials
  • Tech Scout
Why Patsnap Eureka
  • Unparalleled Data Quality
  • Higher Quality Content
  • 60% Fewer Hallucinations
Social media
Patsnap Eureka Blog
Learn More

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2025 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com